Количество 2
Количество 2
CVE-2023-28105
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.
GHSA-5g39-ppwg-6xx8
Go-huge-util vulnerable to path traversal when unzipping files
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28105 go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds. | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
| GHSA-5g39-ppwg-6xx8 Go-huge-util vulnerable to path traversal when unzipping files | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу